RE: New FW architecture? (was RE: Time for a new FWTK?)
Ted Doty (ted iss.net)
Tue, 02 Dec 1997 09:19:13 -0500
- Next message: Ted Doty: "Re: [Theory] Time for a new FWTK? (long)"
- Previous message: Edward Cracknell: "Web Site Hacks"
At 03:57 PM 12/1/97 -0500, Stout, William wrote:
>I believe this is natural evolution of the firewall architecture (Note
>that I did not say proxy server). IMNSO - It's inane to force all the
>possible protocol filtering requirements of a corporation onto one box,
>especially if one user exposes the entire corporation to a new unproven
>protocol.
[lots of interesting ideas deleted]
It's important to keep our eyes on the problem. The external problem is
lack of accountability combined with the lack of any mechanism to (legally)
enforce your policy goals. This is why we focus on prevention, because
it's so dang hard to prosecute.
The internal problem is different. These people work for us. There are
actions we can take if we see someone straying from the bounds set by
policy (at least in theory). My gut feel is that proper monitoring,
combined with education (i.e. letting people know that you know what's
happening) is a moderately good deterrent.
- Ted
--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East | Fax: +1 770 395 1972
Atlanta, GA 30346 USA | Web: http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:54 CDT